Position: Sr. Cybersecurity Engineer
Location: Fairfax, VA
Under general supervision, but following established policies and procedures, works directly with the cyber team and infrastructure and operations teams to research, design, implement, and deploy enterprise-class technologies that will protect company from risks while protecting our member’s data. Accountable for the development of policies, procedures, and technology to secure member data, create a digital workplace to empower staff to deliver products and services in timely and secure fashion to members. Develops IT security programs and recommends necessary changes to the information security team to ensure the company’s systems are fully compliant with all applicable regulatory requirements and privacy laws.
Major Duties & Responsibilities
- Develops IT security programs and recommends necessary changes to the information security team to ensure the company’s systems are fully compliant with all applicable regulatory requirements and privacy laws
- Facilitates third-party audit reviews, testing and remediation of internal IT departments.
- Provides periodic training to company employees on information security topics.
- Stays abreast of the security industry threat landscape, specifically within the company’s industry.
- Recognizes their personal developmental needs and is proactive in obtaining the coaching, networking and training needed to ensure his/her continued success in the position.
- Works to foster two-way communication, teamwork, and learning.
- Conduct vulnerability assessments.
- Support incident response investigations as required and occasional work outside of normal business hours.
- Performs duties and responsibilities in accordance with The Company’s principles, of Team Up, Serve with Purpose, Challenge Yourself, and Own It.
- Remains cognizant of and adheres to credit union policies and procedures, and regulations pertaining to the Bank Secrecy Act.
- Performs other Information Technology duties as assigned by the Director of Cybersecurity
Education & Experience
- Master’s degree in information security, IT, computer science, or equivalent, preferred. Bachelor’s degree in Information security, IT, computer science, or equivalent, required.
- Microsoft M365 security certifications, or similar technical security certifications preferred.
- Minimum of 7 years as a security engineer, required, including experience in design, implementation, and management of security solutions.
- Recent experience in Microsoft cloud technologies, including Azure, MS 365 security controls, infrastructure-as-a-service, as well as public, private, and hybrid computing environments, preferably with experience in Microsoft Azure Active Directory (AD), and security controls available as part of the MS 365 / E5 enterprise license.
- Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, specifically Microsoft Sentinel.
- Proven experiences in the design and deployment of security technologies, including intrusion detection/prevention systems (IDS/IPS), network intrusion and detections systems (NIDS) and host intrusion detection systems (HIDS), public key infrastructure (PKI), identity and access management (IAM) systems, next generation antivirus, firewalls and newer offerings such as endpoint detection and response (EDR), DNS filtering, web application firewalls (WAF), threat intelligence platforms, security automation, software security technologies and application controls.
- Experience in meeting project deadlines while working with multi-disciplinary technical teams.
- Excellent communication skills including written, verbal and presentation for communicating business risk and cybersecurity issues.
- Experience recommending controls and deployment of SIEM systems, threat intelligence platforms, security automation and orchestration solutions, IDS/IPS, file integrity monitoring, data loss prevention (DLP) and other network and system monitoring tools.
- Familiarity with one or more of the following: NIST, FFIEC, PCI Data Security Standard (PCI DSS), Center for Internet Security (CIS) standards.
- Familiarity with current privacy and data protection laws as it relates to the effective implementation of network and enterprise security policies, procedures, and technical controls.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute multiple tasks in a high-pressure environment. \
- Ability to conduct research into IT security issues and recommends technical products, as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Team-oriented and skilled in working within a collaborative technical environment
- Some travel may be required.
- Ability to lift a minimum of 50 lbs
Posting ID: 564102784Posted: 2021-02-24